From 805df2b12920d869b2bbc26a40bdd6eded0c5885 Mon Sep 17 00:00:00 2001
From: ryan
Date: Thu, 30 Mar 2006 23:12:54 +0000
Subject: [PATCH] Ref checks from mdawaffe.
git-svn-id: http://svn.automattic.com/wordpress/trunk@3665 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
wp-admin/categories.php | 4 ++++
wp-admin/comment.php | 6 +++++-
wp-admin/edit-comments.php | 2 ++
wp-admin/inline-uploading.php | 2 ++
wp-admin/link-import.php | 2 ++
wp-admin/moderation.php | 2 ++
wp-admin/options-permalink.php | 2 ++
wp-admin/plugin-editor.php | 2 ++
wp-admin/templates.php | 4 +++-
wp-admin/theme-editor.php | 2 ++
wp-includes/classes.php | 2 +-
11 files changed, 27 insertions(+), 3 deletions(-)
diff --git a/wp-admin/categories.php b/wp-admin/categories.php
index 14e63f7227..9f444faca2 100644
--- a/wp-admin/categories.php
+++ b/wp-admin/categories.php
@@ -24,6 +24,8 @@ switch($action) {
case 'addcat':
+ check_admin_referer();
+
if ( !current_user_can('manage_categories') )
die (__('Cheatin’ uh?'));
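Review bot: The new `check_admin_referer();` call is undocumented and, going by its name, appears to rely on the client-supplied Referer header, which browsers and privacy proxies may strip or spoof; it is a CSRF mitigation, not an authorisation step, so the `current_user_can()` test that follows must stay. Placing it before the capability check is the right fail-fast order, and the same pattern is added in the `editedcat` hunk of this file and in the `update` cases of plugin-editor.php and theme-editor.php. A one-line comment would make the intent explicit for later readers: `// CSRF guard: reject requests not originating from the admin UI; must precede any state change`. If the codebase offers a per-action token (nonce), pairing it with the referer check would be the stronger control, since the referer alone cannot distinguish a genuine submission from a forged one that carries a plausible header. The enclosing `switch($action)` starts outside this hunk.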
@@ -93,6 +95,8 @@ case 'edit':
break;
case 'editedcat':
+ check_admin_referer();
+
if ( !current_user_can('manage_categories') )
die (__('Cheatin’ uh?'));
diff --git a/wp-admin/comment.php b/wp-admin/comment.php
index e431c3d571..557bcfd37b 100644
--- a/wp-admin/comment.php
+++ b/wp-admin/comment.php
@@ -164,6 +164,8 @@ case 'mailapprovecomment':
case 'approvecomment':
+ check_admin_referer();
+
$comment = (int) $_GET['comment'];
$p = (int) $_GET['p'];
if (isset($_GET['noredir'])) {
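Review bot: `approvecomment` changes state from a plain GET (`$_GET['comment']`, `$_GET['p']`), so the referer check added here only narrows who can trigger it, not how; link prefetchers, previewers and bookmarks with referrers stripped will still either fire or be rejected depending on how missing referers are handled. A note after the added line would record that limitation for maintainers, e.g. `// referer check only: this action is reachable via GET link, so a replay from a trusted origin is not prevented`. Requiring POST or a per-action token for approval would close that gap; the capability check for this case, if any, is outside the hunk, so I cannot confirm one precedes the `$_GET` reads.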
@@ -194,6 +196,8 @@ case 'approvecomment':
case 'editedcomment':
+ check_admin_referer();
+
edit_comment();
$referredby = $_POST['referredby'];
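Review bot: `$referredby` is taken verbatim from `$_POST['referredby']` immediately after the new referer check, and nothing in the hunk constrains it; the case body continues past the hunk, so if this value later feeds a redirect header it should be restricted to a same-site admin path before use, otherwise the referer guard protects the edit but not the redirect target. The new check also runs before `edit_comment()` is reached, which is the correct order, but any capability test for this case is not visible here. Consider `$referredby = isset($_POST['referredby']) ? $_POST['referredby'] : '';` to avoid an undefined-index notice on a direct POST that omits the field.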
@@ -208,4 +212,4 @@ default:
break;
} // end switch
include('admin-footer.php');
-?>
\ No newline at end of file
+?>
diff --git a/wp-admin/edit-comments.php b/wp-admin/edit-comments.php
index b4e946a608..5ead4874ef 100644
--- a/wp-admin/edit-comments.php
+++ b/wp-admin/edit-comments.php
@@ -51,6 +51,8 @@ function getNumChecked(form)
|
'.__('Your level is not high enough to moderate comments.').'
');
diff --git a/wp-admin/options-permalink.php b/wp-admin/options-permalink.php
index 6b41e928ff..3ec746acbe 100644
--- a/wp-admin/options-permalink.php
+++ b/wp-admin/options-permalink.php
@@ -58,6 +58,8 @@ include('admin-header.php');
$home_path = get_home_path();
if ( isset($_POST) ) {
+ check_admin_referer();
+
if ( isset($_POST['permalink_structure']) ) {
$permalink_structure = $_POST['permalink_structure'];
if (! empty($permalink_structure) )
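Review bot: `isset($_POST)` on the context line above is always true because `$_POST` is a superglobal that exists on every request, so the added `check_admin_referer();` now runs on ordinary GET views of this page as well as on form submissions; a direct navigation or bookmark without an admin referer would be rejected before the form is even shown. The guard should be scoped to real submissions, for example `if ( !empty($_POST) ) {` or `if ( 'POST' == $_SERVER['REQUEST_METHOD'] ) {`, so the referer check protects the write path only. The `if` block's body continues beyond the hunk.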
diff --git a/wp-admin/plugin-editor.php b/wp-admin/plugin-editor.php
index 9e94dfa605..9db3c3f678 100644
--- a/wp-admin/plugin-editor.php
+++ b/wp-admin/plugin-editor.php
@@ -34,6 +34,8 @@ switch($action) {
case 'update':
+ check_admin_referer();
+
if ( !current_user_can('edit_plugins') )
die(''.__('You have do not have sufficient permissions to edit templates for this blog.').'
');
diff --git a/wp-admin/templates.php b/wp-admin/templates.php
index d1e890a1e6..938b84c4e1 100644
--- a/wp-admin/templates.php
+++ b/wp-admin/templates.php
@@ -36,8 +36,10 @@ switch($action) {
case 'update':
+ check_admin_referer();
+
if ( ! current_user_can('edit_files') )
- die(''.__('You have do not have sufficient permissions to edit templates for this blog.').'
');
+ die(''.__('You have do not have sufficient permissions to edit templates for this blog.').'
');
$newcontent = stripslashes($_POST['newcontent']);
if (is_writeable($real_file)) {
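Review bot: The re-added `die()` line carries the grammatical error "You have do not have" into new code, and because the string is also the translation key, the typo is now fixed in every locale; change it to `die(''.__('You do not have sufficient permissions to edit templates for this blog.').'');` (the same wording appears unchanged in plugin-editor.php and theme-editor.php context). The rest of the hunk is sound: the referer check precedes the `edit_files` capability test, and both precede the `stripslashes($_POST['newcontent'])` read that is subsequently written to `$real_file`. A brief comment above the check, `// CSRF guard: must run before the file write below`, would tie the ordering to its reason. The write path and the enclosing `switch` continue outside the hunk.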
diff --git a/wp-admin/theme-editor.php b/wp-admin/theme-editor.php
index e6d8093659..cf0065ef55 100644
--- a/wp-admin/theme-editor.php
+++ b/wp-admin/theme-editor.php
@@ -47,6 +47,8 @@ switch($action) {
case 'update':
+ check_admin_referer();
+
if ( !current_user_can('edit_themes') )
die(''.__('You have do not have sufficient permissions to edit templates for this blog.').'
');
diff --git a/wp-includes/classes.php b/wp-includes/classes.php
index a9a20d8752..7ea571bdc5 100644
--- a/wp-includes/classes.php
+++ b/wp-includes/classes.php
@@ -40,7 +40,7 @@ class retrospam_mgr {
if ( empty( $word ) )
continue;
$fulltext = strtolower($comment->email.' '.$comment->url.' '.$comment->ip.' '.$comment->text);
- if( strpos( $fulltext, strtolower($word) ) != FALSE ) {
+ if( false !== strpos( $fulltext, strtolower($word) ) ) {
$this->found_comments[] = $comment->ID;
break;
}
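Review bot: The corrected comparison `false !== strpos(...)` is right but deserves a comment, since the original `!= FALSE` was a real bug that silently skipped matches at offset 0 and a future reader may "simplify" it back: `// strpos() returns 0 for a match at the start of the string; only an identical false means no match`. The loop's `strtolower($word)` is recomputed for every comment although `$word` does not change inside the inner iteration visible here, so hoisting it into a local before the comment loop would be a free improvement if the loop structure (which starts outside the hunk) permits. The enclosing method of `retrospam_mgr` begins before this hunk.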